Brightcloud is the source Cisco uses for the URL categories.
You can lookup a given site using http://www.brightcloud.com/tools/url-ip-lookup.php.
You cannot download a copy of all the sites they include for a given category.
Hi Marvin ,
do you know how often they update this list ? Yesterday i totally gone crazy on one of customer ,i was not able to block most famous adult and proxy sites ? Is this a bug ?
It's upated continually - i.e. multiple times throughout the day.
Did you check the connection records for the traffic that was not being blocked and see the Category that FirePOWER assigned the traffic?
Yes ,i see that this site falls under Uncategorized site ,but when i check it on site it shows that it is already under adult category .
Are any sites showing up categorized correctly? If your FMC DNS lookups aren't working that would cause all site lookups to fail (= Uncategorized)
After verification commands i see that i can successfully connected to Brightcloud database and resolve it.
admin@firepower2:~$ sudo nslookup service.brightcloud.com
admin@firepower2:~$ telnet service.brightcloud.com 80
Connected to service.brightcloud.com.
Escape character is '^]'.
That appears to be OK.
Can you share a screen shot of your Acess Control Policy rules that you're using for URL Monitoring or Blocking?
If you cannot, it might be easiest to just open a TAC case.
That looks straightforward.
Assuming it's deployed to your devices, I would expect that policy to block the defined categories as long as your source user was not a member of the Managers or IT Dept. groups.
I have used similar policies on FirePOWER 5.3 through 6.2 and they worked fine.
You might want to open a TAC case so they can work with you interactively.
I am sure that source was true ,but it doesnt match ,unfortunately I can not open TAC because customer still wants to test and compare it with Checkpoint and PaloAlto ,so what would you recommend to do ?